The study looked at the potential consequences of doxing, a practice where a person shares information about another individual without their consent with the aim of embarrassing, hurting them or putting them into harm. Kaspersky added that particularly determined abusers may even go as far as hacking into the target’s online accounts, a service that can be purchased on the dark web.
In their analysis of active offers on 10 international darknet forums and marketplaces, the researchers revealed the very high demand there is for individuals’ private information. The cost of an ID is as little as 50 cents, and varies according to the type and detail of data on offer. They also found that personal financial information, such as credit card details, banking and e-payment service access have remained just as much in demand as around a decade ago, with prices unchanged in recent years.
In the hands of malicious actors, this type of data can have severe consequences for the victims, potentially leading to extortion scams, phishing attacks, direct theft of money and social damage such as doxing. In recent years, new types of data have gained prominence. This includes personal medical records and selfies with personal ID documents, the latter of which can enable bad actors to take a victim’s name or services on the basis of their identity.
Dmitry Galov, security researcher at Kaspersky’s GReAT, commented: “In the past few years many areas of our lives have become digitized – and some of them, such us our health, for instance, are especially private. As we see by the increasing number of leaks, this leads to more risks for users. However, there are positive developments too – many organizations are taking extra steps to secure their users’ data. Social media platforms have made especially significant progress in this regard as it is much harder now to steal an account of a specific user.
“That said, I believe our research highlights how important it is to be aware that your data is in fact in demand and can be used for malicious purposes even if you do not especially have lots of money, do not voice controversial opinions and are generally not very active online.”